From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web11.10581.1679697084188648028 for ; Fri, 24 Mar 2023 15:31:24 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=dn57vWp2; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: mikuback@linux.microsoft.com) Received: from localhost.localdomain (unknown [47.201.8.94]) by linux.microsoft.com (Postfix) with ESMTPSA id 5512F20FC4EC; Fri, 24 Mar 2023 15:31:23 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 5512F20FC4EC DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1679697083; bh=kSShrOdgfiZOQlXOWM0zlTJUC2soTRsSUylURPwgNd0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=dn57vWp2M43sM+x7plb85Yhrw/19QelMfj6bJJggHKhZa1No0axINSv4k+UNQBRH9 C+4yAE8vGaX3Ps+SSx4nrG+eY8XpbIgMd2OneuzPEY2YKuy84MLn9QYzMda/QsgLj/ hLh3tSM0LpbFbuQnvG0UuFWlcLCqxehalfgtg4nA= From: "Michael Kubacki" To: devel@edk2.groups.io Cc: Sean Brogan , Michael Kubacki , Michael D Kinney Subject: [PATCH v7 11/12] .github/codeql/edk2.qls: Enable CWE 457, 676, and 758 queries Date: Fri, 24 Mar 2023 18:30:33 -0400 Message-Id: <20230324223034.1560-12-mikuback@linux.microsoft.com> X-Mailer: git-send-email 2.40.0.windows.1 In-Reply-To: <20230324223034.1560-1-mikuback@linux.microsoft.com> References: <20230324223034.1560-1-mikuback@linux.microsoft.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Michael Kubacki The previous commits fixed issues with these queries across various packages. Now that those are resolved, enable the queries in the edk2 query set so regressions can be found in the future. Enables: 1. cpp/conditionallyuninitializedvariable - CWE: https://cwe.mitre.org/data/definitions/457.html - @name Conditionally uninitialized variable - @description An initialization function is used to initialize a local variable, but the returned status code is not checked. The variable may be left in an uninitialized state, and reading the variable may result in undefined behavior. - @kind problem - @problem.severity warning - @security-severity 7.8 - @id cpp/conditionally-uninitialized-variable - @tags security - external/cwe/cwe-457 2. cpp/pointer-overflow-check - CWE: https://cwe.mitre.org/data/definitions/758.html - @name Pointer overflow check - @description Adding a value to a pointer to check if it overflows relies on undefined behavior and may lead to memory corruption. - @kind problem - @problem.severity error - @security-severity 2.1 - @precision high - @id cpp/pointer-overflow-check - @tags reliability - security - external/cwe/cwe-758 3. cpp/potential-buffer-overflow - CWE: https://cwe.mitre.org/data/definitions/676.html - @name Potential buffer overflow - @description Using a library function that does not check buffer bounds requires the surrounding program to be very carefully written to avoid buffer overflows. - @kind problem - @id cpp/potential-buffer-overflow - @problem.severity warning - @security-severity 10.0 - @tags reliability - security - external/cwe/cwe-676 - @deprecated This query is deprecated, use Potentially overrunning write (`cpp/overrunning-write`) and Potentially overrunning write with float to string conversion (`cpp/overrunning-write-with-float`) instead. Note that cpp/potential-buffer-overflow is deprecated. This query will be updated to the succeeding queries in the next commit. The query is used in this commit to show that we considered and tested the query in history. Cc: Sean Brogan Cc: Michael Kubacki Cc: Michael D Kinney Signed-off-by: Michael Kubacki Reviewed-by: Michael D Kinney --- .github/codeql/edk2.qls | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/codeql/edk2.qls b/.github/codeql/edk2.qls index ef9aae790f5f..dc2d87764e93 100644 --- a/.github/codeql/edk2.qls +++ b/.github/codeql/edk2.qls @@ -8,7 +8,14 @@ =20 # Enable individual queries below. =20 +- include: + id: cpp/conditionallyuninitializedvariable - include: id: cpp/infinite-loop-with-unsatisfiable-exit-condition - include: id: cpp/overflow-buffer +- include: + id: cpp/pointer-overflow-check +- include: + id: cpp/potential-buffer-overflow + --=20 2.40.0.windows.1